-
Authors: Spears, Janine L.; Barki, Henri
Affiliations: DePaul University; Universite de Montreal; HEC Montreal
Abstract: This paper examines user participation in information systems security risk management and its influence in the context of regulatory compliance via a multi-method study at the organizational level. First, eleven informants across five organizations were interviewed to gain an understanding of the types of activities and security controls in which users participated as part of Sarbanes-Oxley compliance, along with associated outcomes. A research model was developed based on the findings of the...
-
Authors: Anderson, Catherine L.; Agarwal, Ritu
Affiliations: University System of Maryland; University of Maryland College Park; University System of Maryland; University of Maryland College Park
Abstract: Although firms are expending substantial resources to develop technology and processes that can help safeguard the security of their computing assets, increased attention is being focused on the role people play in maintaining a safe computing environment. Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with over one billion people with access to the Intern...
-
Authors: Galbreth, Michael R.; Shor, Mikhael
Affiliations: University of South Carolina System; University of South Carolina Columbia; Vanderbilt University
Abstract: In this paper, a competitive software market that includes horizontal and quality differentiation, as well as a negative network effect driven by the presence of malicious agents, is modeled. Software products with larger installed bases, and therefore more potential computers to attack, present more appealing targets for malicious agents. One finding is that software firms may profit from increased malicious activity. Software products in a more competitive market are less likely to invest in...
-
Authors: Gordon, Lawrence A.; Loeb, Martin P.; Sohail, Tashfeen
Affiliations: University System of Maryland; University of Maryland College Park; IE University
Abstract: Information security is a fundamental concern for corporations operating in today's digital economy. The number of firms disclosing items concerning their information security on reports filed with the U.S. Securities and Exchange Commission (SEC) has increased in recent years. A question then arises as to whether or not there is value to the voluntary disclosures concerning information security. Thus, the primary objective of this paper is to assess empirically the market value of voluntary ...
-
Authors: Johnston, Allen C.; Warkentin, Merrill
Affiliations: University of Alabama System; University of Alabama Birmingham; Mississippi State University
Abstract: Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to investiga...
-
Authors: Abbasi, Ahmed; Zhang, Zhu; Zimbra, David; Chen, Hsinchun; Nunamaker, Jay F., Jr.
Affiliations: University of Wisconsin System; University of Wisconsin Milwaukee; University of Arizona
Abstract: Fake websites have become increasingly pervasive, generating billions of dollars in fraudulent revenue at the expense of unsuspecting Internet users. The design and appearance of these websites makes it difficult for users to manually identify them as fake. Automated detection systems have emerged as a mechanism for combating fake websites, however most are fairly simplistic in terms of their fraud cues and detection methods employed. Consequently, existing systems are susceptible to the myriad...
-
Authors: Siponen, Mikko; Vance, Anthony
Affiliations: University of Oulu; Brigham Young University
Abstract: Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations a...
-
Authors: Bulgurcu, Burcu; Cavusoglu, Hasan; Benbasat, Izak
Affiliations: University of British Columbia
Abstract: Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecede...
-
Authors: Mahmood, M. Adam; Siponen, Mikko; Straub, Detmar; Rao, H. Raghav; Raghu, T. S.
Affiliations: University of Texas System; University of Texas El Paso; University of Oulu; University System of Georgia; Georgia State University; State University of New York (SUNY) System; University at Buffalo, SUNY; Arizona State University; Arizona State University-Tempe
-
Authors: Smith, Stephen; Winchester, Donald; Bunker, Deborah; Jamieson, Rodger
Affiliations: University of New South Wales Sydney; University of Sydney
Abstract: Organizations need to protect information assets against cyber crime, denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud. Criminals often try to achieve financial, political, or personal gain through these attacks, so the threats that their actions prompt are insidious motivators for organizations to adopt information systems security (ISS) approaches. Extant ISS research has traditionally examined ISS in e-commerce business organizations. The pres...